0.77: Authentication system 👮‍♂️ + Hangouts bot 🤖

It’s time for a great new release and it includes a big change: the new authentication system has been activated! We’ve worked very hard on this for the last couple of months to make the transition as smooth as possible. Updating to this release is a non-breaking change (unless you had no API password configured). As can be seen in the video above, when you start Home Assistant after the update, you will be presented with our new onboarding flow. This will ask you to create a new account after which you will be able to log in to Home Assistant.

Once logged in, you will have access to the following new features:

Change your password

Configure multifactor authentication (TOTP)

Manage other users (limited to account created during onboarding)

Although it’s possible to configure authentication, we strongly recommend to stick with the default authentication configuration. If you had auth providers configured in a previous Home Assistant release, we recommend to remove the configuration and start using the default.

It will take some time before all of the Home Assistant ecosystem has been migrated over to the new auth system. Home Assistant will print a warning whenever an application connects to Home Assistant with the legacy authentication. This will help users notify the application developers to transition to use the new OAuth2 authentication. For non-interactive scripts or other applications that are unable to update, we are planning to introduce a migration path for components to adopt url specific auth tokens and also introduce long lived access tokens to replace API passwords. A list of impacted components can be found here.

Our iOS app will soon be updated to work with the new auth. It’s already in testing. The old app will continue to work with the legacy API password support. It will however require a second login when using the webview.

If you are using a proxy server (NGINX etc) in front of Home Assistant to provide authentication, check this blogpost by @DubhAd how to make it work.

I want to say a biiiig thank you to all the people that have been involved in the development and testing of the new authentication system. It’s been a big project and it’s been great to see how we, as a community, have rallied together to tackle it. Especially a big shout out to @awarecan who has done an amazing job on this.

Hangouts

And that’s not it ! @hobbypunk90 has contributed a new integration for Google Hangouts. You can send messages but can also configure intents to handle incoming messages from specific people. Very cool!

Lovelace

You didn’t think we would forget about Lovelace, did you? This release include a new notification drawer thanks to @jeradM. It will collect all persistent notifications and configurator entities and shows it in a new sidebar toggleable from the toolbar.

Script Syntax: The wait template will now continue to run the remainder of the script on timeout, the original functionality can be gained by setting continue_on_timeout: false. Allow wait template to run the remainder of the script (@lhovo - #15836) (breaking change)

Update Xiaomi Vacuum to new StateVacuumDevice changed some services: turn_on -> start, turn_off -> return_to_dock, toggle has been removed. States ‘on’ and ‘off’ will also no longer be used. (@cnrd - #15643) (breaking change)

Update neato to support new StateVacuumDevice changed some services: turn_on -> start, turn_off -> return_to_dock, toggle has been removed. States ‘on’ and ‘off’ will also no longer be used. (@dshokouhi - #16035) (vacuum.neato docs) (breaking change)